CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,655 vulnerabilities with CWE-89
CVE-2024-10805
MEDIUM
University Event Management System 1.0 - SQL Injection via doedit.php id Parameter
CVSS 6.3
CVE-2024-10791
HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via Name Parameter in doctorAction.php
CVSS 7.3
CVE-2024-51327
CRITICAL
ProjectWorlds Travel Management System 1.0 - SQL Injection Authentication Bypass via Login Form
CVSS 9.8
CVE-2024-51326
HIGH
projectworlds Travel Management System 1.0 - SQL Injection via deletesubcategory.php t2 Parameter
CVSS 7.5
CVE-2024-51626
HIGH
Mansur Ahamed Woocommerce Quote Calculator <1.1 - SQL Injection
CVSS 8.5
CVE-2024-51672
HIGH
WPDeveloper BetterLinks <2.1.7 - SQL Injection
CVSS 7.6
CVE-2024-36485
HIGH
Zohocorp ManageEngine ADAudit Plus <8121 - SQL Injection
CVSS 8.3
CVE-2024-48878
HIGH
ManageEngine ADManager Plus <= 7241 - SQL Injection in Archived Audit Report
CVSS 8.3
CVE-2024-10760
MEDIUM
University Event Management System 1.0 - SQL Injection via /dodelete.php id Parameter
CVSS 6.3
CVE-2024-10759
MEDIUM
Farm Management System 1.0 - SQL Injection via pigno Parameter
CVSS 6.3
CVE-2024-10758
HIGH
code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 - SQL Injection via user_name Parameter
CVSS 7.3
CVE-2024-10752
HIGH
Codezips Pet Shop Management System 1.0 - SQL Injection via /productsadd.php id/name Parameter
CVSS 7.3
CVE-2024-10751
MEDIUM
Codezips ISP Management System 1.0 - SQL Injection via pay.php Customer Parameter
CVSS 6.3
CVE-2024-10742
MEDIUM
Wazifa System 1.0 - SQL Injection via control.php 'to' Parameter
CVSS 6.3
CVE-2024-10741
HIGH
E-Health Care System 1.0 - SQL Injection via f_name Parameter
CVSS 7.3
CVE-2024-10740
MEDIUM
E-Health Care System <= 1.0 - SQL Injection via consulting_id Parameter
CVSS 6.3
CVE-2024-10739
HIGH
E-Health Care System 1.0 - SQL Injection via Admin Login Parameters
CVSS 7.3
CVE-2024-10738
MEDIUM
Farm Management System 1.0 - SQL Injection via manage-breed.php breed Parameter
CVSS 6.3
CVE-2024-10737
HIGH
Codezips Free Exam Hall Seating Management System 1.0 - SQL Injection via email Parameter in teacher.php
CVSS 7.3
CVE-2024-10736
HIGH
Free Exam Hall Seating Management System 1.0 - SQL Injection via email Parameter in student.php
CVSS 7.3
CVE-2024-10735
MEDIUM
Project Worlds Life Insurance Management System 1.0 - SQL Injection via /editNominee.php nominee_id Parameter
CVSS 6.3
CVE-2024-10734
MEDIUM
Project Worlds Life Insurance Management System 1.0 - SQL Injection via recipt_no Parameter in editPayment.php
CVSS 6.3
CVE-2024-10733
HIGH
Restaurant Order System 1.0 - SQL Injection via /login.php uid Parameter
CVSS 7.3
CVE-2024-10732
MEDIUM
Tongda OA 2017-11.10 - SQL Injection via /module/word_model/view/index.php query_str Parameter
CVSS 6.3
CVE-2024-10731
MEDIUM
Tongda OA < 11.10 - SQL Injection via ID Parameter in check_seal.php
CVSS 6.3